예제 #1
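/* Fills the hidden IDC_MODULEHELP list box with the unique full path of every
 * module found in every process the Toolhelp snapshot can see, then rebuilds
 * the IDC_PROCESSMODULELIST combo box with the file names only.  Each combo
 * item's data is the index of its full path inside the helper list box, so a
 * selection can be mapped back to the path later.
 *
 * hwnd: the dialog that owns both controls.
 */
VOID Dlg_PopulateModuleList(HWND hwnd) {

   HWND hwndModuleHelp = GetDlgItem(hwnd, IDC_MODULEHELP);
   ListBox_ResetContent(hwndModuleHelp);

   // Walk every process, then every module of that process.  A process whose
   // module snapshot cannot be taken simply yields no modules (ModuleFirst
   // fails), so the list reflects only what this caller is allowed to see.
   CToolhelp thProcesses(TH32CS_SNAPPROCESS);
   PROCESSENTRY32 pe = { sizeof(pe) };
   BOOL fOkProcess = thProcesses.ProcessFirst(&pe);
   for (; fOkProcess; fOkProcess = thProcesses.ProcessNext(&pe)) {

      CToolhelp thModules(TH32CS_SNAPMODULE, pe.th32ProcessID);
      MODULEENTRY32 me = { sizeof(me) };
      // Separate flag for the inner loop; the original shadowed the outer one.
      BOOL fOkModule = thModules.ModuleFirst(&me);
      for (; fOkModule; fOkModule = thModules.ModuleNext(&me)) {
         // LB_FINDSTRINGEXACT compares case-insensitively, so the same path
         // spelled with different case is stored only once.
         int n = ListBox_FindStringExact(hwndModuleHelp, -1, me.szExePath);
         if (n == LB_ERR) {
            // This module hasn't been added before
            ListBox_AddString(hwndModuleHelp, me.szExePath);
         }
      }
   }

   HWND hwndList = GetDlgItem(hwnd, IDC_PROCESSMODULELIST);
   SetWindowRedraw(hwndList, FALSE);
   ComboBox_ResetContent(hwndList);
   int nNumModules = ListBox_GetCount(hwndModuleHelp);
   for (int i = 0; i < nNumModules; i++) {
      TCHAR sz[1024];
      // ListBox_GetText takes no buffer size, so check that the entry fits
      // before letting it copy into sz.
      int cch = ListBox_GetTextLen(hwndModuleHelp, i);
      if (cch == LB_ERR || (size_t)cch >= _countof(sz)) {
         continue;
      }
      ListBox_GetText(hwndModuleHelp, i, sz);
      // Place module name (without its path) in the list.  A path with no
      // backslash is shown whole; the original's unguarded "+ 1" would have
      // turned a NULL result into an invalid pointer.
      PCTSTR pszName = _tcsrchr(sz, TEXT('\\'));
      pszName = (pszName == NULL) ? sz : pszName + 1;
      int nIndex = ComboBox_AddString(hwndList, pszName);
      // Associate the index of the full path with the added item
      ComboBox_SetItemData(hwndList, nIndex, i);
   }

   ComboBox_SetCurSel(hwndList, 0);  // Select the first entry

   // Simulate the user selecting this first item so that the
   // results pane shows something interesting
   FORWARD_WM_COMMAND(hwnd, IDC_PROCESSMODULELIST, 
      hwndList, CBN_SELCHANGE, SendMessage);

   SetWindowRedraw(hwndList, TRUE);
   InvalidateRect(hwndList, NULL, FALSE);
}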
예제 #2
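/* Writes, into the output control hwnd, one line per process that has the
 * module pszModulePath loaded: the PID, the module's base address in that
 * process and the process's executable name.
 *
 * hwnd:          the text control that receives the report (cleared first).
 * pszModulePath: full path of the module to look for, as stored by
 *                Dlg_PopulateModuleList.
 */
VOID ShowModuleInfo(HWND hwnd, PCTSTR pszModulePath) {

   SetWindowText(hwnd, TEXT(""));   // Clear the output box

   CToolhelp thProcesses(TH32CS_SNAPPROCESS);
   PROCESSENTRY32 pe = { sizeof(pe) };
   BOOL fOkProcess = thProcesses.ProcessFirst(&pe);
   // The format strings are literals; the path is passed as an argument, so
   // a module name containing '%' cannot be interpreted as a conversion.
   AddText(hwnd, TEXT("Pathname: %s\r\n\r\n"), pszModulePath);
   AddText(hwnd, TEXT("Process Information:\r\n"));
   AddText(hwnd, TEXT("     PID    %-*s  Process\r\n"), 
	   s_cchAddress, TEXT("BaseAddr"));

   for (; fOkProcess; fOkProcess = thProcesses.ProcessNext(&pe)) {
      CToolhelp thModules(TH32CS_SNAPMODULE, pe.th32ProcessID);
      MODULEENTRY32 me = { sizeof(me) };
      // Separate flag for the inner loop; the original shadowed the outer one.
      BOOL fOkModule = thModules.ModuleFirst(&me);
      for (; fOkModule; fOkModule = thModules.ModuleNext(&me)) {
         // Windows paths are case-insensitive and the list that produced
         // pszModulePath was de-duplicated case-insensitively
         // (LB_FINDSTRINGEXACT), so match the same way here; a strict
         // _tcscmp would hide a process whose path differs only in case.
         if (_tcsicmp(me.szExePath, pszModulePath) == 0) {
            AddText(hwnd, TEXT("  %08X  %p  %s\r\n"), 
               pe.th32ProcessID, me.modBaseAddr, pe.szExeFile);
         }
      }
   }
}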
예제 #3
/* Rebuilds the IDC_COMBO_PROCESS combo box of the global dialog g_hDlg with
 * one "PID - name" entry per process in a fresh Toolhelp snapshot.  Each
 * item's data holds the PID; the first entry is selected and CBN_SELCHANGE
 * is sent so the dependent pane refreshes immediately. */
void OnRefreshProcesses()
{
   HWND hwndCombo = GetDlgItem(g_hDlg, IDC_COMBO_PROCESS);
   SetWindowRedraw(hwndCombo, FALSE);
   ComboBox_ResetContent(hwndCombo);

   CToolhelp thSnapshot(TH32CS_SNAPPROCESS);
   PROCESSENTRY32 pe = { sizeof(pe) };
   BOOL fMore = thSnapshot.ProcessFirst(&pe);
   while (fMore) {
      // Show the process name without any leading path, followed by its ID
      PCTSTR pszName = _tcsrchr(pe.szExeFile, TEXT('\\'));
      pszName = (pszName == NULL) ? pe.szExeFile : pszName + 1;  // skip the slash

      TCHAR szEntry[1024];
      StringCchPrintf(szEntry, _countof(szEntry), TEXT("%04u - %s"), pe.th32ProcessID, pszName);
      int nItem = ComboBox_AddString(hwndCombo, szEntry);

      // Keep the process ID on the item so the selection handler can use it
      ComboBox_SetItemData(hwndCombo, nItem, pe.th32ProcessID);

      fMore = thSnapshot.ProcessNext(&pe);
   }
   ComboBox_SetCurSel(hwndCombo, 0);  // Select the first entry

   // Act as if the user picked that first entry so the results pane
   // is populated right away
   FORWARD_WM_COMMAND(g_hDlg, IDC_COMBO_PROCESS, 
      hwndCombo, CBN_SELCHANGE, SendMessage);

   SetWindowRedraw(hwndCombo, TRUE);
   InvalidateRect(hwndCombo, NULL, FALSE);
}
예제 #4
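/* Maps a mandatory-label RID to the text shown for the process's own (code)
 * integrity level.  Unknown values are reported as "???" rather than hidden. */
static PCTSTR CodeIntegrityName(DWORD dwLevel) {
   switch (dwLevel) {
      case SECURITY_MANDATORY_LOW_RID:    return TEXT("- Low ");
      case SECURITY_MANDATORY_MEDIUM_RID: return TEXT("- Medium ");
      case SECURITY_MANDATORY_HIGH_RID:   return TEXT("- High ");
      case SECURITY_MANDATORY_SYSTEM_RID: return TEXT("- System ");
      default:                            return TEXT("- ??? ");
   }
}

/* Maps a mandatory-label RID to the text shown for the process's resource
 * (object) integrity level; 0 means no label is set on the process object. */
static PCTSTR ResourceIntegrityName(DWORD dwLevel) {
   switch (dwLevel) {
      case SECURITY_MANDATORY_LOW_RID:    return TEXT("Low");
      case SECURITY_MANDATORY_MEDIUM_RID: return TEXT("Medium");
      case SECURITY_MANDATORY_HIGH_RID:   return TEXT("High");
      case SECURITY_MANDATORY_SYSTEM_RID: return TEXT("System");
      case 0:                             return TEXT("Not set");
      default:                            return TEXT("???");
   }
}

/* Appends a description of the token's TOKEN_MANDATORY_POLICY_* bits
 * (dwPolicy) to the NUL-terminated buffer pszOut of cchOut characters. */
static void AppendCodePolicy(DWORD dwPolicy, PTSTR pszOut, size_t cchOut) {
   if (dwPolicy == TOKEN_MANDATORY_POLICY_OFF) { // = 0
      _tcscat_s(pszOut, cchOut, TEXT(" + no policy"));
      return;
   }
   if ((dwPolicy & TOKEN_MANDATORY_POLICY_VALID_MASK) == 0) {
      // Bits are set, but none of them is a policy we know how to name
      _tcscat_s(pszOut, cchOut, TEXT(" + ???"));
      return;
   }
   if ((dwPolicy & TOKEN_MANDATORY_POLICY_NO_WRITE_UP)
      == TOKEN_MANDATORY_POLICY_NO_WRITE_UP) { 
      _tcscat_s(pszOut, cchOut, TEXT(" + no write-up"));
   }
   if ((dwPolicy & TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN)
      == TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN) { 
      _tcscat_s(pszOut, cchOut, TEXT(" + new process min"));
   }
}

/* Appends a description of the process object's SYSTEM_MANDATORY_LABEL_* bits
 * (dwPolicy) to the NUL-terminated buffer pszOut of cchOut characters. */
static void AppendResourcePolicy(DWORD dwPolicy, PTSTR pszOut, size_t cchOut) {
   if (dwPolicy == 0) { // = 0
      _tcscat_s(pszOut, cchOut, TEXT(" + 0 policy"));
      return;
   }
   // The resource policy is a label mask, not a token policy: validate it
   // against SYSTEM_MANDATORY_LABEL_VALID_MASK.  The original tested
   // TOKEN_MANDATORY_POLICY_VALID_MASK, which does not include the
   // no-execute-up bit, so a label of exactly "no execute-up" was shown as
   // "???" and the no-execute-up branch below was unreachable for it.
   if ((dwPolicy & SYSTEM_MANDATORY_LABEL_VALID_MASK) == 0) {
      _tcscat_s(pszOut, cchOut, TEXT(" + ???"));
      return;
   }
   if ((dwPolicy & SYSTEM_MANDATORY_LABEL_NO_WRITE_UP)
      == SYSTEM_MANDATORY_LABEL_NO_WRITE_UP) { 
      _tcscat_s(pszOut, cchOut, TEXT(" + no write-up"));
   }
   if ((dwPolicy & SYSTEM_MANDATORY_LABEL_NO_READ_UP)
      == SYSTEM_MANDATORY_LABEL_NO_READ_UP) { 
      _tcscat_s(pszOut, cchOut, TEXT(" + no read-up"));
   }
   if ((dwPolicy & SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP)
      == SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP) { 
      _tcscat_s(pszOut, cchOut, TEXT(" + no execute-up"));
   }
}

/* Rebuilds the IDC_PROCESSMODULELIST combo box of dialog hwnd with one entry
 * per process in a fresh Toolhelp snapshot: name, PID, the process's code
 * integrity level and token policy, and its resource integrity level and
 * label policy.  Each item's data holds the PID.  The first entry is selected
 * and CBN_SELCHANGE is sent so the dependent pane refreshes.
 *
 * hwnd: the dialog that owns the combo box.
 */
VOID Dlg_PopulateProcessList(HWND hwnd) 
{
   HWND hwndList = GetDlgItem(hwnd, IDC_PROCESSMODULELIST);
   SetWindowRedraw(hwndList, FALSE);
   ComboBox_ResetContent(hwndList);

   CToolhelp thProcesses(TH32CS_SNAPPROCESS);
   PROCESSENTRY32 pe = { sizeof(pe) };
   BOOL fOk = thProcesses.ProcessFirst(&pe);

   /* Call function Process32Next for each process in the system */
   for (; fOk; fOk = thProcesses.ProcessNext(&pe)) 
   {
      TCHAR sz[1024];

      /* Place the process name (without its path) & ID in the list */
      PCTSTR pszExeFile = _tcsrchr(pe.szExeFile, TEXT('\\'));
      pszExeFile = (pszExeFile == NULL) ? pe.szExeFile : pszExeFile + 1; /* skip the slash */

      /* Append the code/resource integrity level and policy.  Both detail
       * strings stay empty when GetProcessIntegrityLevel (defined elsewhere)
       * fails -- presumably for processes this caller cannot open -- so such
       * entries show up with empty brackets rather than being dropped. */
      DWORD dwCodeIntegrityLevel = 0;
      DWORD dwCodePolicy = TOKEN_MANDATORY_POLICY_OFF;
      DWORD dwResourcePolicy = 0;
      DWORD dwResourceIntegrityLevel = 0;

      TCHAR szCodeDetails[256] = { TEXT('\0') };
      TCHAR szResourceDetails[256] = { TEXT('\0') };

      if (GetProcessIntegrityLevel(pe.th32ProcessID, &dwCodeIntegrityLevel, 
         &dwCodePolicy, &dwResourceIntegrityLevel, &dwResourcePolicy)) {
         _tcscpy_s(szCodeDetails, _countof(szCodeDetails), 
            CodeIntegrityName(dwCodeIntegrityLevel));
         AppendCodePolicy(dwCodePolicy, szCodeDetails, _countof(szCodeDetails));

         _tcscpy_s(szResourceDetails, _countof(szResourceDetails), 
            ResourceIntegrityName(dwResourceIntegrityLevel));
         AppendResourcePolicy(dwResourcePolicy, szResourceDetails, 
            _countof(szResourceDetails));
      }

      StringCchPrintf(sz, _countof(sz), TEXT("%s     (0x%08X)  %s    [%s]"), 
         pszExeFile, pe.th32ProcessID, szCodeDetails, szResourceDetails);
      int n = ComboBox_AddString(hwndList, sz);

      // Associate the process ID with the added item
      ComboBox_SetItemData(hwndList, n, pe.th32ProcessID);
   }

   ComboBox_SetCurSel(hwndList, 0);  // Select the first entry

   // Simulate the user selecting this first item so that the
   // results pane shows something interesting
   FORWARD_WM_COMMAND(hwnd, IDC_PROCESSMODULELIST, 
      hwndList, CBN_SELCHANGE, SendMessage);

   SetWindowRedraw(hwndList, TRUE);
   InvalidateRect(hwndList, NULL, FALSE);
}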